Is LinkedIn Intro Good, Bad, or Impossible?

When LinkedIn posted LinkedIn Intro: Doing the Impossible on iOS I was intrigued. The post title was provocative (presumably as intended) and drew a lot of attention from various people in the security world. Several of these posts were deeply critical which generated another post from LinkedIn titled The Facts about LinkedIn Intro. By this point I had sent emails to several of my friends who were experts in the email / SMTP / IMAP / security ecosystem and was already getting feedback that generally trended negative. And then I saw this post titled Phishing With Linkedin’s Intro – a clever phishing attack on Intro (since fixed by LinkedIn).

All of this highlights for me my general suspicion around the word “impossible” along with the complexity that is increasing as more and more services interconnect in non-standard ways.

One of the thoughtful notes I got was from Scott Petry – one of my good friends and co-founder of Authentic8 (we are investors). Scott co-founded Postini and a bunch of email stuff at Google after Google acquired Postini in 2007. Following are his thoughts on LinkedIn Intro.

I am all for seamless integration of services. And while “man in the middle” is commonly seen as a pejorative, the MITM approach can enable integrations that weren’t readily available previously.

Postini, which started life as a spam filtering service became a huge email MITM enabling all sorts of email processing not available on the mail server itself. Seamless integration was a big part of our success – companies pointed their mx record to Postini, Postini filtered and passed the good stuff on to the company’s mail server. While controversial in 1999, DNS redirect-based services have become accepted across all ports and protocols. Companies such as Cloudflare, OpenDNS, Smartling, and more all offer in-line services that improve the web experience through DNS-level MITM-type model. Simple to configure and high leverage. They just aren’t thought of as MITM services.

Extending functionality of services by authorizing plug-ins to gain access to your data can be really useful as well. I use Yesware in Gmail to help track messages and automate responses when I send company-related marketing/sales emails. It’s a great service, enabling functionality not previously available, and you could think of this as a man in the middle as well. It is important to point out that in the case of Yesware and DNS style integrations, I need to explicitly approve the integration. The details are made available up front.

New levels of integrated services are coming online daily. And vendors are getting more and more clever with APIs or skirting them altogether in order to get their app in front of us. It’s natural to be sucked in by the value of these services and it’s easy to overlook any downside. Especially given that for many of them, the people who are paid to think about security ramifications aren’t in the loop. They can be installed and configured by end users, not IT. And most users take the security for granted … or overlook it all together.

Last week, on the LinkedIn engineering blog, details on the new LinkedIn Intro app were shared. Intro integrates dynamic LinkedIn profile information directly into the iOS email app. It didn’t get much attention when it was launched, but once the engineering team blogged about how did the impossible to integrate with the iOS email client, the story blew up.

Details on their approach here (http://engineering.linkedin.com/mobile/linkedin-intro-doing-impossible-ios).

LinkedIn Intro does a beautiful job of auto-discovering your environment and auto-configuring itself. A click or two by the user, and they’re up and running with active LinkedIn data in their email app.

All this clever engineering hides the fact that LinkedIn is accessing your email on your behalf. Intro uses an IMAP proxy server to fetch your mail where they modify it, then deliver it to your iPhone. Classic Man in the Middle.

If you remember setting up your mail service on your iPhone, it is a bit clunky. You need to know the host names of your service, the ports, encryption values, etc. It isn’t easy. But you don’t do any of this with Intro. Instead of going through the usual configuration screens on iOS, Intro uses Apple’s “configuration profiles” capability auto discover your accounts and insert their servers in the middle. And since it uses OAuth to log in, it doesn’t even need to ask for your credentials.

They do such a good job of hiding what they’re doing that the significance of the data issues were lost on everyone (except the security researchers who raised the brouhaha).

This weekend, LinkedIn made another blog post. In their words, they wanted to “address inaccurate assertions that have been made” and “clear up these inaccuracies and misperceptions”. The post, here (http://blog.linkedin.com/2013/10/26/the-facts-about-linkedin-intro/) followed the PR playbook to the letter.

With one small exception concerning a profile change, the post does nothing to clear up inaccuracies and misperceptions. Instead, their post lists their reassurances about how secure the service is.

Even with these assurances, the facts remain. LinkedIn Intro pipes your email through their servers. All of it. LinkedIn Intro inserts their active web content into your email data. At their discretion.

With its clever engineering, Intro became a violation of trust. And worse, potentially a massive security hole. If the research community didn’t raise the alarm, the details of Intro’s integration wouldn’t have hit the radar.

I think the lesson here is two-fold:

1) We live in a world where our data is scattered across a variety of disparate systems. It is incumbent on us to understand the risks and weigh them against the reward of the shiny new app promising to make our lives better. If something appears to be too good to be true, it probably is.

2) Vendors need to be more transparent about what they’re doing with our data. Especially if the vendor has a spotty reputation in privacy and security realms. If they’re not, the Internet community will do it for you.

You summed up the situation pretty well Brad. I agree that Intro is a really clever way of tricking people into giving up their data (very important and valuable data at that). LinkedIn is clearly gaining more value from the arrangement than the user.

In a case like this, should Apple or Google step up and provide safeguards/warnings, such as what they do with malware sites? The alternative is educating users so they understand what they’re giving away, but that only goes so far.

http://www.feld.com bfeld

I don’t know the answer. But the good news is the Internet will shine light on it!

http://blog.ricardodiz.com/ Ricardo Diz

Bottom line is, it seems LinkedIn is providing a new interesting service (having quick and easy access to the business profiles of who is sending the email).

The problem is that it comes at a cost that might prove to be too high for massive traction from early adopters (who are more tech savvy): it creates a potential security issue by having all of the data go through their “pipes”…

Not a fan on these terms, but interesting take I would say.

http://www.feld.com bfeld

Well said.

wkoffel

I love that LinkedIn did the legwork on this kind of Man in the Middle approach. But now it makes me want a 3rd party to come along and productize it in a more general fashion.

Imagine a company like IFTTT, but a scalable email proxy. You’d log into your account, and select from a wide selection of plugins from trusted companies (like LinkedIn) that would modify your email in various ways. So include information about your social graph from Facebook, LinkedIn, Twitter, etc. Or when a bare link is included, show an image preview of what’s behind the link, or add a one-click option to add the link to Instapaper, or include links to apps that you know are installed on your device via custom URL handlers. Lots of possibilities!

I know there are folks that do some of this, but I’m intrigued at the idea of targeting it specifically at email consumption on mobile devices (by some counts as high as 70% already).

As it stands, not only don’t I want to proxy my email through LinkedIn, but if anyone else tries a similar approach, it’s one-or-the-other.

There’s a bunch of work to get such a service up and running, but LinkedIn appears to have done 75% of the engineering legwork. Maybe there’s a model that allows them to spin it out into an independent service that others could benefit from.

http://www.feld.com bfeld

Maybe, but I doubt that’s part of the grand plan to “get all your data.”

Bernardo

Brad, the fact is this issue is highly overhyped by the media. It was stupid on LinkedIn’s part to make that post and give “Tech Reporters” some food for link bait articles… If they didn’t, nobody would be trolling them about Intro…

Yes, they proxy all your e-mail. They have access to it. Like Google does (that guy who scans your e-mail to show you ads). And so do lots of other “email cloud providers”, which are nothing but MITM.

Has anybody ever complained that Mailbox, the overhyped and so well received iPhone App acquired by Dropbox, does EXACTLY the same thing with your e-mail? That is, they are a MITM and even send you push notifications of every message you get… Real time MITM! There was a queue of thousands to use their service and nobody seemed worried. They had to throttle it since they couldn’t proxy all that e-mail without more IT infrastructure…

So, all in a sudden is LinkedIn, a public company, less trustable than Mailbox was (when it was a rogue startup that had nothing to lose by selling all your data)? Or, now that it is owned by Dropbox, can’t the huge corp they are now under use all that sourced e-mail data for some type of intelligence or marketing effort?

Our cloud infrastructure is full of security holes. For instance, I just checked that my Dropbox has 8 connected “Apps”, that is, services that can access all my files. That is, 8 MITM who have unlimited access to all of my company files, reports, financials… This is actually way worse than a e-mail proxy… And most of them are superfluous services I could live without, like “jolicloud”, which I was just testing.

The fact is, in a cloud world, whoever the cloud providers are, they must be trusted by their users. If one trusts LinkedIn to store all of their professional history, contacts, and so on, I don’t see why they couldn’t trust them to proxy their e-mail. I do, and I have Intro on my iPhone right now. It works great (I will stick with it as long as it works well and proves useful).

http://www.feld.com bfeld

Email comment from a reader:

“Another example.. I have the LinkedIn social connector set-up in Outlook which displays LinkedIn info if email sender/recipient happens to be a connection of mine.

However what is quite freaky is that I’ve begun to notice that my suggested contacts on LinkedIn are now being partly driven by my email correspondence in Outlook.

This is value-add but alarms bells all the same since I did not expect this flow of data (email>LI) rather just vice versa….”

http://www.feld.com bfeld

Another email comment from a reader – I’m intrigued that I’m getting these by email instead of blog comments for this one.

“Great post by Scott. I can tell you that there’s intense pressure in social media companies like LinkedIn to circumvent trust in order to drive higher levels of user engagement. It’s an “ask for forgiveness, not permission” kind of culture.

I take a hard look at “we’re making things easier for you” features as a result of this, asking myself if the convenience is worth the risk of loss of data privacy.”

http://www.startupmanagement.org/ William Mougayar

There is no doubt LinkedIn is being aggressive, to the point of revealing their hyperbolic aspirations.